Hey, I’m new to Solid. I wanna make a Solid app just to explore the technology, but I’m not sure if there is any security benefit of Solid when we already have end-to-end encryption technology? Thanks
Hello and welcome. The “end-to-end” part of end-to-end encryption is a little vague. Likewise, discussing security means that you need to tell us what kind of attack you want to protect yourself against, and against whom.
Here is my personal opinion. The more important question is to know, as a user, who you trust with your data, what mistakes you can make and what consequences they could have. So the most useful definition of security is to protect yourself against your mistakes. For instance, if you accidentally publish your private key for a web-of-trust-like social network, it means that you automatically lose all your contacts in the social network. If you just publish your digital signature for a message, then until you change your key (and thus, drop all your contacts again), it can be traced directly to you without possible mistake, against your will. You are not in control.
With Solid, if your data leaks and is copied somewhere else, then it has little value because it is not under your authority so there’s no way to measure how accurate it is, and it will never be updated. This simple fact is likely to protect you against a company gathering all the data it can and leaking it to the spammers, because there’s no incentive for the company to keep a copy of your data anyway.
Hey, thanks so much for the detailed reply. In terms of end-to-end here, I was actually thinking about WhatsApp: a user shares data with another user, and since WhatsApp uses end-to-end encryption, I was wondering if exchanging data through Solid has better security benefits.
One thing I can think of is that if the user doesn’t trust some apps, maybe they can host pods themselves, and that would be very safe.
Unfortunately, I’m not familiar with WhatsApp, so I can’t help much.
In WhatsApp, how do you know that you are sharing data with the right person? Do you check the key fingerprints, scan each other’s QR code, or something like that?
So the following is only a non-technical non-answer, sorry.
There’s an elephant in the room. WhatsApp is a proprietary application of Facebook. Whatever it claims about end-to-end encryption, there is no way to know for sure that it doesn’t have a back door. By back door, I mean something that collects the words of the conversation to train Facebook’s recommender system by collecting all the data it can about you. I’m not talking about criminals planning their crimes, or something like that. Maybe it’s helpful if you are a criminal to put as many layers of hindrance to the legal investigations, I don’t know and frankly I don’t care.
As I understand it, it is the responsibility of the CEO to protect and develop the company on behalf of its owners. Nowadays, it means collecting a lot of data by tricking (if not directly lying to) the user. By the history of Facebook, I see no reason to believe that the owners want to develop the company by preserving the privacy of the users above the direct profit of selling the data (in some form or another) to third parties. Thus, I don’t understand why there would NOT be a backdoor in WhatsApp. Note that, in Solid, it’s useless to sell data to third parties, because the third party has no way to assess the quality of the data (that user could be a bot) and it could just ask the user for the data without the Facebook middleman.
I believe that that habit of Facebook to disregard the user’s privacy is a direct consequence of its monopoly. If there was competition, you could be profitable by running a company respecting the user’s privacy. Until then, I wouldn’t consider WhatsApp’s end-to-end encryption claims as anything you should trust.
It’s always nice to see what others think, and yeah I agree with you that the technology is safe, but there might be some back doors inside the app. Thanks again!